nCircle Boosts Vulnerability Management Coverage for SCADA Vendors

nCircle, a provider of information risk and security performance management solutions, today announced that it has expanded its coverage for the SCADA systems and devices that manage and control critical infrastructure.

Critical infrastructure is designated by the Department of Homeland Security (DHS) and the North American Reliability Corporation (NERC) as the assets, systems, and networks so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security and public health or safety.

“SCADA networks are the most unprotected networks of all and now cyber-criminals have them in their sights,” noted Marc Solomon, Chief Marketing Officer at Sourcefire in a recent SecurityWeek column. “If they get access, the consequences for many organizations, their customers and perhaps the population at large, could be extremely damaging.”

“nCircle’s Vulnerability Exposure and Research Team (VERT) has been working hand-in-hand with leading energy suppliers and critical infrastructure providers in a carefully designed program to deliver safe, accurate detection of SCADA equipment, applications and vulnerabilities on production devices,” said Lamar Bailey, director of security research and development for nCircle. “We understand how important up-time is for critical infrastructure providers and that’s why our program is built on supplier and customer partnerships. Because we develop scanning solutions for production networks, we develop and test our solutions in real, working environments. This precaution ensures our vulnerability detection techniques can be used safely in live production environments.”

nCircle said that its Suite360™ now covers vulnerabilities from the following vendors:

• Rugged Operating Systems

• GE Industrial Systems

• Arbiter

• GE RTU

• Schweitzer Engineering Laboratories

• Lantronix

“Regular automated vulnerability scanning of SCADA equipment helps operations teams identify known vulnerabilities so they can be prioritized for remediation,” said Seth Bromberger, principal, NCI Security. “Vendor testing programs like nCircle's can help ensure this scanning has no unintended effects on the correct operation of this critical equipment.”

“Process control networks are mission critical and security is of paramount importance,” Solomon continued. “Increasingly on the radar of sophisticated attackers, it’s time for the SCADA network to be on the radar of management and get the organizational attention, and protection, it deserves.”

For more than 10 years, Mike Lennon has been closely monitoring and analyzing trends in the enterprise IT security space and the threat landscape. In his role at SecurityWeek he oversees the editorial direction of the publication and manages several leading security conferences.